* g10/getkey.c (getkey_end): Disable caching of the open keydb
handle.

--
This created a big regression for Windows because the keyring
is only released after the global ctrl is released. So if an operation
does a getkey and then tries to modify the keyring it will fail on
Windows with a sharing violation. We need to modify all
keyring write operations to also take the ctrl and close the
cached_getkey_kdb handle to make writing work. See:
https://dev.gnupg.org/T3097

* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--

OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256. This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.

* common/ssh-utils.c (dummy_realloc): New function.
(dummy_free): Likewise.
(get_fingerprint): Prepend the fingerprint with the name of the digest
algorithm. Correctly render SHA256-based ssh fingerprints.
* common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
(main): Add an option to dump the keys to gather fingerprints, also
print the SHA256 fingerprint for keys given as arguments, and check
the SHA256 fingerprints of the test keys.

Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/. Since
the project has transitioned to a better workflow for supporting
contributions, we should ensure that our documentation points to the
right place.

* tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree
when writing a 'gpg-agent.conf'.
* tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/openpgp/defs.scm: Likewise.
--

As of 97a2394ecafaa6f58e4a1f70ecfd04408dc15606 gpg may query the
scdaemon for a signing key to use. To make sure that the agent calls
the right scdaemon, we provide the path explicitly in the
'gpg-agent.conf' that is used in the tests, similar to what we do for
the agent itself and the pinentry.

* tests/openpgp/all-tests.scm: Run each test twice, once with public
keys stored in a keybox, once with a keyring.
* tests/openpgp/defs.scm (create-gpghome): Create a public keyring to
make GnuPG use that instead of creating a keybox if '--use-keyring' is
given.
* tests/openpgp/setup.scm: Fix flag handling and usage.
--

The 'keyring' keystore depends on the number of packets for delete and
update operations. With the rework of the ring trust packets, the
trust packets were no longer properly accounted for leading to keyring
corruptions.

* tests/gpgscm/tests.scm (test-pool): Rework reporting. Filter using
the computed test status instead of the return value. Also print the
new categories 'failed expectedly' and 'passed unexpectedly'.
(test): If a test ends with a bang (!), it is expected to fail. Adapt
status, status-string, and xml accordingly.
--

Allow tests to be marked as being expected to fail by appending a bang
(!) to the tests name. If such a test fails, it will not be counted
as failure, but will still be prominently displayed in the report. If
it succeeds unexpectedly, this is counted as a failure.

TinySCHEME being a SECD-machine needs to push frames onto the dump
stack. Previously, the dump stack was a list. This required four
cells for the spine, as well as up to one additional cell to encode
the current opcode. This was quite inefficient despite the fact that
we recovered the spine as well as the integer cell.

We introduce frame objects, which are a special variant of vectors of
length four. Since the length is fixed, this frees up the length
field of the vector object to store the unboxed opcode. A frame
object now fits in two cells.

Saving two or three cells is a mere byproduct, the performance gain
comes from increased locality, unboxed opcode representation, and the
ability to easily put the objects in a free list, keeping the garbage
collector out of the continuous motion of the virtual machine.

--
The default is still to install as Adminstrator system wide
but the user now has the option to explicitly install GnuPG without
Administrator rights. A warning will be shown in that case but
a user may continue.

The defaults for gpg and dirmngr are good. Both programs should work
fine for the simple case without any config file. The skeleton config
files were being copied at first use (when the defaults are fine).
But when the user needs to fiddle with them (after they've become
sophisticated users), they're likely out of date because gpg has been
upgraded since then. So they're used for documentation, but they're
stale documentation, which is probably worse than a clean empty file.

* tests/gpgme/gpgme-defs.scm (python): Fix Python detection.
--
In 25e6444b3f4601c7821beab06bc4520deacb007b we changed the way GPGME
creates the build directory for the Python bindings. We now use the
basename of the interpreter as an identifier, that means we have to
get the base name right, a link to the same binary is not sufficient.

* tests/gpgscm/tests.scm (test-pool, tests): Previously, these methods
updated objects by creating new updated copies of the object being
manipulated. This made the code awkward without any benefit,
therefore I change it to just update the object.

* tests/gpgscm/scheme-private.h (CELL_MINRECOVER): New macro.
* tests/gpgscm/scheme.c (_get_cell): Move the heuristic to get more
cells...
(gc): ... here where every caller benefits from the optimization.